UNCLASSIFIED
Appendices
Version 1.0g
| Section | Topic | Application to Switches |
|---|---|---|
| 4.4 | Routing protocols | This section is not generally applicable to switches. [Note: some Catalyst 5000 and higher series switches are equipped with a Route Switch Module. This module is essentially a 4700-series IOS router attached to the switch. It should be configured using Section 4 like any other router.] |
| 4.5 | Audit and Management | Almost all of this section applies to IOS-based switches; some switch IOS versions do not support NTP, and must have their time set manually. All switches support RMON and SMTP; they should be disabled if not in use, or access to them should be restricted. |
| 4.6 | Access control with AAA | All of this section is applicable to IOS-based switches, if they support AAA (IOS 11.2 and later). |

Note that Cisco switch-resident routing hardware (e.g. Catalyst 5000 series Route
Switch Modules) can and should be configured using the guidance in Section 4, after
careful consideration of its role in the network security policy.
Most of the security testing guidance given in Section 6 also applies to LAN
switches.